If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Type 1 attacks are easily defeated by changing the registration form in ways the bots don't expect. We've reduced the bots in a phpBB board with a few simple tricks:
- changed the URL of the registration form, most bots don't even find it any more. Disallowing the registration form in robots.txt seems to help, too.
- we made the "username" field invisible (via css). If anyone submits a non-empty "username", it's a bot.
- we added a field "actual_username" that's displayed instead. If anyone submits an empty actual_username, it's a bot.

It's as effective as a custom captcha but not as annoying.

Custom registration forms can be defeated by hand-crafting attacks to the specifics of the board (attacks of type 2), but usually nobody will bother. Our 100k-person board should be more attractive for such things, but it hasn't happened yet.

The best automation against Type 3) are badword-filters, disabling links in the first x posts or adding new threads of recently-registered to the moderator-queue.

1) they always start a new thread on their initial spam, make it so that creating a new thread on the first posts from a new user can't be put up until reviewed

2) since these are mostly bot signups have the signup process not accept a signup when the form is "instantly" filled from their macro's, etc. Usually with their signups are filled in all in one shot, something a human couldn't really do. Restrict it to the signup process has to take at least a minimum time such as 10 seconds.

There are other ways as well to minimize the effect, they just have to be put in place.

There's mods and patches for vbulletin for thwarting spammers cold.

Also disabling signatures and avatars for new people till they reach a certain number of posts also helps too, as some spammers use signatures filled with links to badware

Originally Posted by Michael

Added "Android" and "converter" to the list of checks that will flag a post for the moderation queue if the user's post count is less than three, that should cut out lots of this spam lately.

as other "spam words" pop up add them to the checklist too.

@Michael, spammers will always try to get around whatever you throw at them, so its pretty much a must to keep devising new ways to keep on top of the spammers.

Originally Posted by L33F3R

oh man. poor Qaridarium would be trying for hours and hours.

LOL!

But Q's not really a spammer though, despite how badly worded his posts are.